.\"
.\" This file and its contents are supplied under the terms of the
.\" Common Development and Distribution License ("CDDL"), version 1.0.
.\" You may only use this file in accordance with the terms of version
.\" 1.0 of the CDDL.
.\"
.\" A full copy of the text of the CDDL should have accompanied this
.\" source.  A copy of the CDDL is also available via the Internet at
.\" http://www.illumos.org/license/CDDL.
.\"
.\"
.\" Copyright 2020 Joyent, Inc.
.\"
.Dd January 22, 2020
.Dt KBMD 1M
.Os
.Sh NAME
.Nm kbmd
.Nd Key Backup and Management Daemon
.Sh SYNOPSIS
.Nm
.Op Fl d
.Sh DESCRIPTION
.Nm
manages the ebox-protected keys for encrypted datasets.
.Nm
stores the eboxes of encrypted datasets in the
.Sy com.joyent.kbm:ebox
and
.Sy com.joyent.kbm:stagedebox
.Xr zfs 1M
properties.
These properties should only be manipulated by
.Nm
via the use of the
.Xr kbmadm 1M
utility.
.Ss OPTIONS
.Bl -tag -width Fl
.It Fl d
Start in debug mode.
.Nm
stays in the foreground and logs more detail.
.El
.Sh PLUGINS
The
.Nm
daemon utilizes plugins to manage PIV token PINs, recovery tokens, and
recovery configurations.
Upon startup,
.Nm
will set its plugin path by examining (in order):
.Bl -bullet -offset indent
.It
The environment variable
.Ev KBM_PLUGIN_DIR .
.It
The
.Xr smf 5
property
.Sy kbmd/kbmd-plugin-dir
when
.Nm
is started via
.Xr smf 5 .
.It
The path
.Pa /usr/lib/kbm/plugins
if neither of the previous methods are defined.
.El
.Pp
.Nm
will then scan the plugin directory for a supported plugin.
The first supported plugin found will be utilized by
.Nm .
.Pp
The plugin interface specification can be viewed at
.Lk https://github.com/joyent/kbmd/blob/master/plugins/README.md
.Sh ENVIRONMENT
.Bl -tag -width Ev
.It Ev KBM_PLUGIN_DIR
The directory to search for plugins.
If set, this overrides the default path as well as any path in
.Xr smf 5 .
.El
.Sh FILES
.Bl -tag -width Pa
.It Pa /usr/lib/kbm/plugins
The default plugin path.
This can be overridden via the
.Sy kbmd/kbmd-plugin-dir
.Xr smf 5
property or by setting
.Ev KBM_PLUGIN_DIR
to a different value.
.El
.Sh INTERFACE STABILITY
Private
.Sh SEE ALSO
.Xr kbmadm 1m
